Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
Solution Type: Technical Instruction Sure Solution

2041725.1: Oracle ZFS Storage Appliance: How to allow the users specific roles using RESTful API permissions
Applies to:
Oracle ZFS Storage ZS3-4 - Version All Versions to All Versions [Release All Releases]
Oracle ZFS Storage ZS4-4 - Version All Versions to All Versions [Release All Releases]
Sun ZFS Storage 7420 - Version All Versions to All Versions [Release All Releases]
Oracle ZFS Storage ZS3-BA - Version All Versions to All Versions [Release All Releases]
Sun ZFS Storage 7320 - Version All Versions to All Versions [Release All Releases]
7000 Appliance OS (Fishworks)

Goal
Create a ZFS appliance user account with a very restricted role - such that they are ONLY able to exercise a specific RESTful API role.
Solution
In the user's account, check the following information under RESTful API. In this example, the specific role is to take a manual snapshot. This is created in the BUI under https://your-hostname:215/#configuration/users -- edit the user --- 'Exceptions'

Scope: Project and Shares, Pool_name

    {"user": {
        "href": "/api/user/v1/users/Backup",
        "logname": "Backup",
        "fullname": "Backup Process",
        "initial_password": "DummyPassword",
        "require_annotation": false,
        "roles": ["Snapshot"],
        "kiosk_mode": false,
        "kiosk_screen": "status/dashboard",
        "exceptions": [],
        "preferences": {
            "href": "/api/user/v1/users/Backup/preferences",
            "locale": "C",
            "login_screen": "status/dashboard",
            "session_timeout": 15,
            "advanced_analytics": false,
            "keys": []
        }
    }}

    {"role": {
        "href": "/api/role/v1/roles/Snapshot",
        "name": "Snapshot",
        "description": "Snapshot Processing",
        "authorizations": [{
            "scope": "nas",
            "pool": "SAS",
            "project": "WebCenter",
            "share": "*",
            "allow_changeAccessProps": false,
            "allow_changeGeneralProps": false,
            "allow_changeProtocolProps": false,
            "allow_changeSpaceProps": false,
            "allow_changeUserQuota": false,
            "allow_clearLocks": false,
            "allow_clone": false,
            "allow_createProject": false,
            "allow_createShare": false,
            "allow_destroy": false,
            "allow_promote": false,
            "allow_rename": false,
            "allow_rollback": false,
            "allow_rrsource": false,
            "allow_rrtarget": false,
            "allow_scheduleSnap": false,
            "allow_scrub": false,
            "allow_shadowMigration": false,
            "allow_takeSnap": true,
            "href": "/api/role/v1/roles/Snapshot/authorizations/auth-000"
        }]
    }}
The important information from the user account is /api/user/v1/users/Backup:

    "logname": "Backup",
    "roles": ["Snapshot"],
The important information from the role is /api/role/v1/roles/Snapshot:

    {"role": {
        "href": "/api/role/v1/roles/Snapshot",
        "name": "Snapshot",
        "description": "Snapshot Processing",
        "authorizations": [{
            "scope": "nas",
            "pool": "SAS",
            "project": "WebCenter",
            "share": "*",
            "allow_takeSnap": true,
            "href": "/api/role/v1/roles/WCC_Snapshot/authorizations/auth-000"
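One way to confirm that the account holds only the intended right, as an added example that is not part of the original Oracle document: the function below compares the allow_* flags in the user's role documents against an allowlist and reports anything extra or missing. The sample documents are trimmed, constructed copies of the JSON above; `EXPECTED`, `granted` and `audit_user` are hypothetical names, and per-user exceptions are only flagged, not parsed.

```python
import json

# Constructed input: trimmed copies of the user and role documents shown above.
USER_DOC = json.loads('{"user": {"logname": "Backup", "roles": ["Snapshot"], "exceptions": []}}')
ROLE_DOC = json.loads("""{"role": {"name": "Snapshot", "authorizations": [
  {"scope": "nas", "pool": "SAS", "project": "WebCenter", "share": "*",
   "allow_clone": false, "allow_destroy": false, "allow_rollback": false,
   "allow_takeSnap": true,
   "href": "/api/role/v1/roles/Snapshot/authorizations/auth-000"}]}}""")

# Hypothetical allowlist: the only rights the Backup account is meant to hold.
EXPECTED = {("nas", "SAS", "WebCenter", "*"): {"allow_takeSnap"}}


def granted(auth):
    """Return the set of allow_* flags that are true in one authorization."""
    return {k for k, v in auth.items() if k.startswith("allow_") and v is True}


def audit_user(user_doc, role_docs, expected):
    """Return findings where the user's roles differ from the allowlist.

    expected maps (scope, pool, project, share) to the allow_* names wanted.
    An empty list means the roles grant exactly what is expected.
    """
    user = user_doc["user"]
    roles = {d["role"]["name"]: d["role"] for d in role_docs}
    findings, seen = [], {}
    if user.get("exceptions"):
        findings.append("user has per-user exceptions: review them separately")
    for name in user["roles"]:
        if name not in roles:
            findings.append(f"role {name}: document not supplied")
            continue
        for auth in roles[name]["authorizations"]:
            target = tuple(str(auth.get(k, "")) for k in ("scope", "pool", "project", "share"))
            seen.setdefault(target, set()).update(granted(auth))
    for target in sorted(set(seen) | set(expected)):
        have, want = seen.get(target, set()), expected.get(target, set())
        where = "/".join(target)
        findings += [f"unexpected {f} on {where}" for f in sorted(have - want)]
        findings += [f"missing {f} on {where}" for f in sorted(want - have)]
    return findings


if __name__ == "__main__":
    print(audit_user(USER_DOC, [ROLE_DOC], EXPECTED) or "matches allowlist")
```

A "missing" finding points at the role itself, while an empty result with a script that still fails points away from authorizations and toward authentication.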
Confirm whether the user account's password has been changed since the script was written. If yes, refreshing the password fixed the issue.
Referenced documentation to help resolve the issue: use the Role RESTful API service to check the user's current roles and authorizations.

References
http://docs.oracle.com/cd/E51475_01/html/E52433/makehtml-id-121.html#scrolltoc
http://docs.oracle.com/cd/E51475_01/html/E52433/makehtml-id-250.html#scrolltoc